Privacy-preserving smart meter control strategy including energy storage losses

Privacy-preserving smart meter control strategies proposed in the literature so far make some ideal assumptions such as instantaneous control without delay, lossless energy storage systems etc. In this paper, we present a one-step-ahead predictive control strategy using Bayesian risk to measure and control privacy leakage with an energy storage system. The controller estimates energy state using a three-circuit energy storage model to account for steady-state energy losses. With numerical experiments, the controller is evaluated with real household consumption data using a state-of-the-art adversarial algorithm. Results show that the state estimation of the energy storage system significantly affects the controller’s performance. The results also show that the privacy leakage can be effectively reduced using an energy storage system but at the expense of energy loss.

💡 Research Summary

The paper addresses the growing privacy concerns associated with high‑resolution smart‑meter data, which can be exploited by non‑intrusive load monitoring (NILM) techniques to infer detailed appliance usage. While many prior works have proposed load‑signature‑moderation (LSM) using an energy‑storage system (ESS) to mask consumption patterns, they typically assume an ideal, lossless, and instantly controllable storage device. This study departs from those idealizations by introducing a realistic three‑circuit model of a battery‑based ESS that captures three dominant steady‑state loss mechanisms: (i) self‑discharge (modeled as an RC leakage), (ii) internal resistive loss (modeled by a series resistor), and (iii) conversion loss (modeled by constant efficiency factors for AC‑DC and DC‑AC converters). The resulting state‑update equation (5) explicitly relates the battery’s energy state Z at the next time step to the current state, the control power D, and the loss parameters γ, r, η_c, η_d. Constraints on feasible charging/discharging power (D_max, D_min) and on state‑of‑charge limits are derived (equations 6‑10), providing a physically consistent admissible control set.

Privacy is quantified using a Bayesian risk framework. The adversary is modeled as a Bayesian hypothesis tester who observes the smart‑meter reading Y_k = X_k + D_k (where X_k is the true household load and D_k the ESS power) and attempts to infer the hidden appliance‑state hypothesis H_k. By assigning zero cost to correct decisions and unit cost to errors, the Bayesian risk R_k reduces to the average error probability. The accumulated minimum Bayesian risk (AMBR) over a finite horizon N is adopted as the privacy metric, reflecting the best possible detection performance any adversary could achieve.

The control problem is cast as a partially observable Markov decision process (PO‑MDP). The appliance‑state process H_k follows a first‑order Markov chain with known transition matrix; observations X_k are generated from H_k via a known emission matrix. Because the full observation history I_k grows with time, the belief state π_k (the posterior distribution of H_k given I_k) serves as a sufficient statistic. The controller selects the ESS power D_k (or equivalently the smart‑meter reading Y_k) based on the current belief π_{k‑1} and battery state z_{k‑1}. The optimal policy μ* maximizes the sum of per‑step minimum Bayesian risks, which is solved via backward dynamic programming (Proposition 2). The resulting real‑time algorithm (Algorithm 1) performs a pre‑process step (selecting the optimal action), enforces power limits, updates the belief using Bayes’ rule, and updates the battery state using the three‑circuit model.

Experimental validation uses real household consumption traces from the ECO dataset. The scenario protects a daily water‑kettle usage event (8–9 am) by a 12 V, 100 Ah lithium‑ion battery. Model parameters (internal resistance 0.006 Ω, self‑discharge 3 %/month, converter efficiencies 95 %) are taken from typical battery specifications. The Markov transition and emission probabilities are learned from 30 days of labeled data. Simulations run with a 1‑minute time slot over a 60‑minute horizon. Results show: (1) the controller’s actions depend strongly on the initial state of charge; quantization of measurements introduces small peaks in the smart‑meter data, which could be exploitable by high‑precision adversaries, highlighting a trade‑off between measurement granularity and computational complexity (state space grows O(n²)). (2) In the absence of explicit battery‑state objectives, the controller tends to drive the ESS toward full charge, which improves privacy (higher AMBR reduction) but also increases energy loss. (3) A theoretical proposition demonstrates that placing the ESS in parallel with the house load yields strictly lower average energy loss than a series configuration; simulations confirm this. (4) Privacy improvement is significant: AMBR drops markedly compared to the no‑ESS baseline, yet the associated energy loss (E_loss) can be several percent of total consumption, quantifying the privacy‑energy trade‑off.

Key contributions include: (i) the first integration of a realistic ESS loss model into smart‑meter privacy control, (ii) the use of Bayesian risk as an operational privacy metric tightly coupled with optimal control, and (iii) thorough experimental evaluation with real data and a state‑of‑the‑art NILM adversary. Limitations are acknowledged: battery aging, temperature effects, and capacity fade are not modeled; the computational burden of the belief‑space DP grows quickly with finer measurement resolution, necessitating approximation schemes. Future work is suggested on multi‑ESS architectures (e.g., battery plus super‑capacitor), incorporation of degradation models, online learning of transition/emission probabilities, and development of scalable, possibly reinforcement‑learning‑based, controllers for real‑time deployment.